CN108881159A - A security control method - Google Patents

Info

Publication number
CN108881159A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810420903.3A
Other languages
Chinese (zh)
Other versions
CN108881159B (en
Inventor
左晓栋
崔占华
杨晨
张弛
王石
刘雨桁
周亚超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Information Security Research Institute Co Ltd
Original Assignee
China Information Security Research Institute Co Ltd
Application filed by China Information Security Research Institute Co Ltd
Priority to CN201810420903.3A
Publication of CN108881159A
Application granted
Publication of CN108881159B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/12: Applying verification of the received information
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1433: Vulnerability analysis

Abstract

The present invention relates to a security control method. The method includes: S1: receiving source data from one or more servers; S2: carrying out a security evaluation of the source data. The invention can carry out a security evaluation of the acquired data; the evaluation considers not only the user's own requirements but also public requirements, and automatic security protection is carried out based on the evaluation result. At the same time, effective feedback can be given to the data source from which the data was obtained, so that a benign positive feedback loop is formed and the efficiency of security control is greatly improved.

Description

A security control method
【Technical field】
The invention belongs to the field of data security, and in particular relates to a security control method.
【Background art】
In research on network information system security technology, the strategies for dealing with intrusion can generally be divided into three stages. The first stage aims to prevent intrusion and mainly studies the trusted computing base, access control and physical security, multilevel security, and the use of cryptography. The second stage concerns how to detect an intrusion and reduce losses after it has occurred, and mainly studies firewalls, intrusion detection systems, border controllers, virtual private networks, public key heterogeneous systems and the like. The last stage concerns how the information system operates and resists the intrusion after the intrusion has succeeded, and focuses mainly on real-time detection of and response to attacks, the real-time trade-off between system function and security cost, tolerance of the harm caused by intrusion, and so on. The security of a network information system is a design goal: the information system is to resist attack. In engineering practice, many developers have designed systems to meet security needs, but most of these designs are based on experience. More precise design requires solving some common problems, such as how to assess and measure security. To address these problems, a new security control method is needed. The present invention can carry out a security evaluation of the acquired data; the evaluation considers not only the user's own requirements but also public requirements, and automatic security protection is carried out based on the evaluation result. At the same time, effective feedback can be given to the data source from which the data was obtained, so that a benign positive feedback loop is formed and the efficiency of security control is greatly improved.
【Summary of the invention】
To solve the above problems in the prior art, the invention proposes a security control method, which includes the following steps:
S1: Receive source data from one or more servers;
S2: Carry out a security evaluation of the source data.
Further, step S2 is specifically: scan the source data based on a local security library; carry out sensitivity analysis and processing on the source data.
Further, scanning the source data based on the local security library is specifically: the source data is scanned by the security detection component in the local security library. If the scan does not pass, the source data is handled according to the type of failure: if the failure type is repairable, the source data is repaired; otherwise, the source data is deleted, the reason for the failure is examined, and security remediation of the server is carried out based on that reason.
Further, the local security library is periodically updated from a cloud server.
Further, carrying out sensitivity analysis and processing on the source data is specifically: obtain the sensitivity requirement, carry out sensitivity analysis on the source data based on the sensitivity requirement, and process the source data based on the sensitivity analysis result.
Further, obtaining the sensitivity requirement is specifically: a local sensitivity requirement is obtained locally, at the side that receives the data source; a public sensitivity requirement is obtained from a public server; the local sensitivity requirement and the public sensitivity requirement are combined to form the sensitivity requirement.
Further, carrying out sensitivity analysis on the source data based on the sensitivity requirement is specifically: the sensitivity requirement is formatted to form a set of sensitivity scan commands, and an execution engine executes the sensitivity scan commands against the source data to find the source data subset that does not meet the sensitivity requirement.
Further, processing the source data based on the sensitivity analysis result is specifically: the type of non-compliance of the found source data subset is analyzed. If the public sensitivity requirement is not met, the administrator is informed that the source data subset does not meet the public sensitivity requirement, and the corresponding source data subset is sent to the administrator as an attachment; if the local sensitivity requirement is not met, the server corresponding to the source data subset is marked locally; the source data subset is deleted.
Further, the marking is specifically: the importance score of the server is reduced.
The beneficial effects of the invention include: a security evaluation can be carried out on the acquired data; the evaluation considers not only the user's own requirements but also public requirements, and automatic security protection is carried out based on the evaluation result. At the same time, effective feedback can be given to the data source from which the data was obtained, so that a benign positive feedback loop is formed and the efficiency of security control is greatly improved.
【Brief description of the drawings】
The drawing described here is provided for further understanding of the invention and forms part of this application, but does not unduly limit the invention. In the drawing:
Fig. 1 is a flow chart of the security control method of the invention.
【Specific embodiment】
The invention is described in detail below with reference to the drawing and specific embodiments; the illustrative examples and descriptions therein are only used to explain the invention and do not limit it.
The security control method of the invention is described in detail below. The method includes the following steps:
S1: Receive source data from one or more servers and carry out a security evaluation of the source data. Specifically: scan the source data based on a local security library; carry out sensitivity analysis and processing on the source data;
Scanning the source data based on the local security library is specifically: the source data is scanned by the security detection component in the local security library. If the scan does not pass, the source data is handled according to the type of failure: if the failure type is repairable, the source data is repaired; otherwise, the source data is deleted, the reason for the failure is examined, and security remediation of the server is carried out based on that reason;
Preferably: the local security library is periodically updated from a cloud server; the cloud server collects and stores all security requirements;
Carrying out sensitivity analysis and processing on the source data is specifically: obtain the sensitivity requirement, carry out sensitivity analysis on the source data based on the sensitivity requirement, and process the source data based on the sensitivity analysis result;
Obtaining the sensitivity requirement is specifically: a local sensitivity requirement is obtained locally, at the side that receives the data source; a public sensitivity requirement is obtained from a public server; the local sensitivity requirement and the public sensitivity requirement are combined to form the sensitivity requirement;
Carrying out sensitivity analysis on the source data based on the sensitivity requirement is specifically: the sensitivity requirement is formatted to form a set of sensitivity scan commands, and an execution engine executes the sensitivity scan commands against the source data to find the source data subset that does not meet the sensitivity requirement;
Preferably: the sensitivity scan commands are in a command format that the execution engine can recognize; for example, the sensitivity scan commands are SQL commands and the execution engine is an SQL query engine;
Preferably: the execution engine is implemented on a server;
Processing the source data based on the sensitivity analysis result is specifically: the type of non-compliance of the found source data subset is analyzed. If the public sensitivity requirement is not met, the administrator is informed that the source data subset does not meet the public sensitivity requirement, and the corresponding source data subset is sent to the administrator as an attachment; if the local sensitivity requirement is not met, the server corresponding to the source data subset is marked locally; the source data subset is deleted;
The marking is specifically: the importance score of the server is reduced;
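The sensitivity analysis of step S1, as an added example that is not part of the patent text: local and public sensitivity requirements are merged, formatted into SQL scan commands, executed by SQLite standing in for the SQL query engine, and the hits are reported, penalized and deleted. The `source_data` table, the `Requirement` record, the LIKE patterns, the scores and the reading that deletion applies to both kinds of hit are assumptions; because public requirements come from an external server, the example binds patterns as parameters and allow-lists column names instead of concatenating requirement text into SQL.

```python
import sqlite3
from dataclasses import dataclass

# Column names cannot be bound as SQL parameters, so they are allow-listed.
SCANNABLE_COLUMNS = {"body"}


@dataclass(frozen=True)
class Requirement:          # hypothetical record for one sensitivity requirement
    scope: str              # "local" (receiver's own) or "public" (public server)
    name: str
    column: str
    pattern: str            # SQL LIKE pattern describing non-compliant content


def build_scan_commands(local, public):
    """Combine both requirement sets and format each into a scan command."""
    commands = []
    for req in [*local, *public]:
        if req.scope not in ("local", "public") or req.column not in SCANNABLE_COLUMNS:
            raise ValueError(f"rejected requirement: {req.name}")
        sql = f"SELECT id, server, {req.column} FROM source_data WHERE {req.column} LIKE ?"
        commands.append((req, sql, (req.pattern,)))
    return commands


def scan_and_handle(conn, commands, importance, penalty=1):
    """Run every scan command, then handle the non-compliant subsets."""
    reports, doomed = [], set()
    for req, sql, params in commands:
        subset = conn.execute(sql, params).fetchall()
        if not subset:
            continue
        if req.scope == "public":
            # Feedback to the administrator, with the subset as the attachment.
            reports.append({"requirement": req.name, "attachment": subset})
        else:
            # Mark the originating server by lowering its importance score.
            for server in sorted({row[1] for row in subset}):
                importance[server] -= penalty
        doomed.update(row[0] for row in subset)
    # Assumption: the non-compliant subset is deleted in both cases.
    conn.executemany("DELETE FROM source_data WHERE id = ?",
                     [(i,) for i in sorted(doomed)])
    conn.commit()
    return reports, sorted(doomed)


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE source_data (id INTEGER PRIMARY KEY, server TEXT, body TEXT)")
    conn.executemany("INSERT INTO source_data VALUES (?, ?, ?)", [
        (1, "srv-a", "quarterly sales summary"),             # constructed rows
        (2, "srv-a", "patient id-number on file"),
        (3, "srv-b", "internal roadmap, codename BLUEBIRD"),
        (4, "srv-b", "weather forecast for the week"),
    ])
    local = [Requirement("local", "project-codenames", "body", "%codename%")]
    public = [Requirement("public", "national-id", "body", "%id-number%")]
    importance = {"srv-a": 10, "srv-b": 10}
    reports, deleted = scan_and_handle(conn, build_scan_commands(local, public), importance)
    remaining = [r[0] for r in conn.execute("SELECT id FROM source_data ORDER BY id")]
    return reports, deleted, importance, remaining


if __name__ == "__main__":
    print(demo())
```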
S2: Analyze the source data to find abnormal source data, and process the abnormal source data to obtain de-anomalized source data (source data from which anomalies have been removed);
Analyzing the source data to find abnormal source data is specifically: the data volume of the source data from each server is calculated. If the data volume is less than a first threshold, an anomaly assessment is carried out on the server corresponding to that data volume; if the anomaly assessment result is normal, source data is received from the server again, until the anomaly assessment result is normal or the number of re-receptions exceeds a first frequency threshold. Otherwise, if the data volume is greater than a second threshold, a security evaluation is carried out on the server corresponding to that data volume; if the evaluation result is abnormal, source data is received from the server again, until the security evaluation result is normal or the number of re-receptions exceeds a second frequency threshold. Otherwise, the source data corresponding to servers whose evaluation result is normal is used directly as de-anomalized source data;
Preferably: the source data is obtained from the servers based on a data requirement;
Preferably: there are one or more servers;
Preferably: if the anomaly assessment result is abnormal or the number of re-receptions is greater than or equal to the first frequency threshold, the source data corresponding to the server is deleted;
Preferably: if the anomaly assessment result is abnormal, reception of source data from the server is paused and a self-test message is sent to the server, until the result of the server's self-test is normal. When the data volume is too small, it is generally the case that the corresponding server itself has an anomaly;
Preferably: the self-test carried out by the server includes a self-test of how the server itself obtains and generates source data, and a self-test of the communication link between the server and the data receiver;
Preferably: if the security evaluation result is abnormal but the number of re-receptions is greater than or equal to the second frequency threshold, harm removal is carried out on the source data to obtain the de-anomalized source data;
Carrying out harm removal on the source data is specifically: the type of harm is determined, and a harm removal method is chosen based on that type;
Preferably: for the harm type of duplicated data, deduplication is carried out on the source data; for the harm type of an embedded Trojan, Trojan discovery and deletion are carried out on the source data;
Preferably: the first frequency threshold and the second frequency threshold are set by the administrator;
Preferably: the first frequency threshold is greater than the second frequency threshold. Where the security evaluation finds a problem, usable data can be obtained through harm removal, so there is no need for many attempts;
S3: Carry out correlation analysis on the de-anomalized source data, and process the de-anomalized source data based on the correlation analysis result to obtain processed de-anomalized source data. Specifically: carry out correlation analysis between the de-anomalized source data and the data requirement to obtain a correlation analysis result; determine, based on the correlation analysis result, whether the source data needs to be acquired again; process the de-anomalized source data based on the correlation analysis result;
Carrying out correlation analysis between the de-anomalized source data and the data requirement to obtain a correlation analysis result is specifically: semantic analysis is carried out on the data requirement to obtain the type of the data requirement; word segmentation is carried out on the data requirement to obtain one or more keywords; the one or more keywords are matched against the de-anomalized source data to obtain the degree of correlation of the de-anomalized source data; the degree of correlation is used as the correlation analysis result;
Matching the one or more keywords against the de-anomalized source data to obtain the degree of correlation is specifically: the keywords are matched against the data in the de-anomalized source data, and the cumulative matching count of the keywords is calculated; the average length of the de-anomalized source data is obtained; the cumulative matching count is divided by the average length of the de-anomalized source data to obtain the degree of correlation. Preferably, the step further includes: recording the positions at which all keywords match in the de-anomalized source data, and storing the matching positions in a matching queue in the order in which they were matched;
Calculating the cumulative matching count of the keywords is specifically: the matching counts of all keywords are accumulated to give the cumulative matching count;
Obtaining the average length of the de-anomalized source data is specifically: the average keyword length is calculated, and the length of the de-anomalized source data is divided by the average keyword length to obtain the average length of the de-anomalized source data;
Preferably: the data requirement indicates the type of source data required by the user;
Preferably: the types include product types, disease types, game types and so on;
Determining, based on the correlation analysis result, whether the source data needs to be acquired again is specifically: if the degree of correlation is less than or equal to a first relevance threshold and the importance of the de-anomalized source data exceeds an importance threshold, the source data is acquired again. If the degree of correlation is too small, the relevance of the data is too low, and the problem needs to be resolved at the source;
The importance is the importance of the server from which the de-anomalized source data was obtained;
Processing the de-anomalized source data based on the correlation analysis result is specifically: if the degree of correlation is less than a second relevance threshold and greater than the first relevance threshold, the matching queue is used to determine the segments of the de-anomalized source data in which there is no match; if the length of such a segment exceeds a first length threshold, data in that segment is selectively deleted, and the remaining data of the de-anomalized source data is spliced together in its original order to serve as the processed de-anomalized source data;
Selectively deleting data in the segment is specifically: all complete paragraphs in the segment are deleted;
Preferably: if the degree of correlation is greater than or equal to the second relevance threshold, the de-anomalized source data is determined to be relevant and is not processed further; the unprocessed and the processed de-anomalized source data are merged to serve as the processed de-anomalized source data;
Preferably: the first relevance threshold is far smaller than the second relevance threshold;
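The correlation analysis of step S3 carried through on a small input, as an added example that is not part of the patent text. Whitespace splitting in place of word segmentation, blank-line paragraph boundaries, character counts as the unit of length, and every threshold value are assumptions.

```python
import re
from collections import deque

T1, T2 = 0.05, 0.5             # first / second relevance thresholds (constructed)
IMPORTANCE_THRESHOLD = 5       # constructed value
FIRST_LENGTH_THRESHOLD = 50    # in characters (constructed)

PARAGRAPHS = [                 # constructed de-anomalized source data
    "Diabetes care relies on insulin dosing.",
    "Buy cheap watches now, limited offer today only, click here.",
    "Insulin pumps help diabetes patients.",
]
SAMPLE = "\n\n".join(PARAGRAPHS)
REQUIREMENT = "diabetes insulin"   # constructed data requirement


def correlation(keywords, data):
    """Return (degree of correlation, matching queue of (start, end) spans)."""
    if not keywords or not data:
        return 0.0, deque()
    spans = []
    for kw in keywords:
        spans.extend(m.span() for m in re.finditer(re.escape(kw), data, re.IGNORECASE))
    queue = deque(sorted(spans))                    # matching positions, in order
    avg_keyword_len = sum(len(k) for k in keywords) / len(keywords)
    data_avg_len = len(data) / avg_keyword_len      # "average length" of the data
    return len(queue) / data_avg_len, queue         # cumulative matches / avg length


def prune_unmatched(data, queue, length_threshold):
    """Delete complete paragraphs lying inside long segments with no match."""
    bounds = [(0, 0), *queue, (len(data), len(data))]
    gaps = [(prev_end, next_start)
            for (_, prev_end), (next_start, _) in zip(bounds, bounds[1:])
            if next_start - prev_end > length_threshold]
    kept, pos = [], 0
    for para in data.split("\n\n"):
        start, end = pos, pos + len(para)
        pos = end + 2                               # skip the blank-line separator
        if not any(g0 <= start and end <= g1 for g0, g1 in gaps):
            kept.append(para)
    return "\n\n".join(kept)                        # remaining data, original order


def process(requirement, data, server_importance):
    """Decide between re-acquisition, pruning and keeping the data as is."""
    degree, queue = correlation(requirement.split(), data)
    if degree <= T1:
        if server_importance > IMPORTANCE_THRESHOLD:
            return "reacquire", degree, data
        # The text does not say what happens here; left unchanged (assumption).
        return "keep", degree, data
    if degree < T2:
        return "prune", degree, prune_unmatched(data, queue, FIRST_LENGTH_THRESHOLD)
    return "keep", degree, data


if __name__ == "__main__":
    print(process(REQUIREMENT, SAMPLE, server_importance=3))
```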
S4: Submit the processed de-anomalized source data to the data requirement end. Specifically: calculate the importance of each processed de-anomalized source data, sort the processed de-anomalized source data by importance to form the submission source data, and submit the submission source data to the data requirement end in batches;
Calculating the importance of each processed de-anomalized source data is specifically: obtain the server ranking PM corresponding to each processed de-anomalized source data; obtain the data volume ratio PR between each processed de-anomalized source data and the unprocessed source data; calculate the importance IM based on the following formula: IM = PM × PR;
Sorting the processed de-anomalized source data by importance to form the submission source data is specifically: the processed de-anomalized source data is combined in descending order of importance to form the submission source data. Organizing the data in advance, before it is submitted, improves the efficiency with which the user can review it;
Preferably: starting from the processed de-anomalized source data with the highest importance, for each processed de-anomalized source data in turn, a first quantity of data corresponding to its importance is extracted, and this first quantity of data is stored in the submission source data cache; after one round of extraction, the next round of extraction is carried out, until all the data in all the processed de-anomalized source data has been extracted;
Preferably: after a round has extracted the first quantity of data from a processed de-anomalized source data, the next round's extraction from that processed de-anomalized source data starts from where the previous extraction ended;
Extracting the first quantity of data corresponding to the importance is specifically: the importance IMi of the i-th processed de-anomalized source data is obtained, and the first quantity FNi corresponding to the i-th processed de-anomalized source data is calculated based on the following formula; In this way, the first quantity differs for each processed de-anomalized source data, which reflects the different importance of different source data;
Submitting the submission source data to the data requirement end in batches is specifically: starting from the beginning, a second quantity of data is obtained each time and submitted to the data requirement end, until all of the submission source data has been submitted;
Preferably: the second quantity is related to the cache size of the data requirement end;
Preferably: the first quantity and the second quantity are preset values;
The above is only a preferred embodiment of the invention; all equivalent changes or modifications made according to the configuration, features and principles described in the scope of the patent application of the invention are included in the scope of the patent application of the invention.

Claims (9)

1. A security control method, characterized in that the method includes the following steps:
S1: Receive source data from one or more servers;
S2: Carry out a security evaluation of the source data.
2. The security control method according to claim 1, characterized in that step S2 is specifically: scan the source data based on a local security library; carry out sensitivity analysis and processing on the source data.
3. The security control method according to claim 2, characterized in that scanning the source data based on the local security library is specifically: the source data is scanned by the security detection component in the local security library; if the scan does not pass, the source data is handled according to the type of failure; if the failure type is repairable, the source data is repaired; otherwise, the source data is deleted, the reason for the failure is examined, and security remediation of the server is carried out based on that reason.
4. The security control method according to claim 3, characterized in that the local security library is periodically updated from a cloud server.
5. The security control method according to claim 4, characterized in that carrying out sensitivity analysis and processing on the source data is specifically: obtain the sensitivity requirement, carry out sensitivity analysis on the source data based on the sensitivity requirement, and process the source data based on the sensitivity analysis result.
6. The security control method according to claim 5, characterized in that obtaining the sensitivity requirement is specifically: a local sensitivity requirement is obtained locally, at the side that receives the data source; a public sensitivity requirement is obtained from a public server; the local sensitivity requirement and the public sensitivity requirement are combined to form the sensitivity requirement.
7. The security control method according to claim 6, characterized in that carrying out sensitivity analysis on the source data based on the sensitivity requirement is specifically: the sensitivity requirement is formatted to form a set of sensitivity scan commands, and an execution engine executes the sensitivity scan commands against the source data to find the source data subset that does not meet the sensitivity requirement.
8. The security control method according to claim 7, characterized in that processing the source data based on the sensitivity analysis result is specifically: the type of non-compliance of the found source data subset is analyzed; if the public sensitivity requirement is not met, the administrator is informed that the source data subset does not meet the public sensitivity requirement, and the corresponding source data subset is sent to the administrator as an attachment; if the local sensitivity requirement is not met, the server corresponding to the source data subset is marked locally; the source data subset is deleted.
9. The security control method according to claim 8, characterized in that the marking is specifically: the importance score of the server is reduced.
CN201810420903.3A 2018-05-04 2018-05-04 Safety control method Active CN108881159B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810420903.3A CN108881159B (en) 2018-05-04 2018-05-04 Safety control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810420903.3A CN108881159B (en) 2018-05-04 2018-05-04 Safety control method

Publications (2)

Publication Number Publication Date
CN108881159A true CN108881159A (en) 2018-11-23
CN108881159B CN108881159B (en) 2022-06-21

Family

ID=64326993

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810420903.3A Active CN108881159B (en) 2018-05-04 2018-05-04 Safety control method

Country Status (1)

Country Link
CN (1) CN108881159B (en)

Also Published As

Publication number Publication date
CN108881159B (en) 2022-06-21

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant